Method and apparatus for synchronizing an adaptable security level in an electronic communication

ABSTRACT

A method of communicating in a secure communication system, comprises the steps of assembling as message at a sender, then determining a security level, and including an indication of the security level in a header of the message. The message is then sent to a recipient.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to a method and apparatus for providingsynchronizing an adaptable security level in an electroniccommunication.

2. Description of the Prior Art

In electronic communications, it is often necessary to prevent aneavesdropper from intercepting a message. It is also desirable to havean indication of the authenticity of a message, that is a verifiableidentification of the sender. These goals are usually achieved throughthe use of cryptography. Private key cryptography requires sharing asecret key prior to initiating communications. Public key cryptographyis generally preferred as it does not require such a shared secret key.Instead, each correspondent has a key pair including a private key and apublic key. The public key may be provided by any convenient means, anddoes not need to be kept secret.

There are many variations in cryptographic algorithms, and variousparameters that determine the precise implementation. In standards forwireless communications, it has been customary to set these parametersin advance for each frame type. However, this approach limits theflexibility of the parameters.

When one device is communicating with several other devices, it willoften need to establish separate parameters for each communication.

It is an object of the present invention to obviate or mitigate theabove disadvantages.

SUMMARY OF THE INVENTION

In accordance with one aspect of the present invention, there isprovided a method of communicating in a secure communication system,comprising the steps of assembling as message at a sender, thendetermining a security level, and including an indication of thesecurity level in a header of the message. The message is then sent to arecipient.

In accordance with another aspect of the present invention, there isprovided a method of providing a security level to a sender by includinginformation in an acknowledgement message.

BRIEF DESCRIPTION OF THE DRAWINGS

These and other features of the preferred embodiments of the inventionwill become more apparent in the following detailed description in whichreference is made to the appended drawings wherein:

FIG. 1 is a schematic representation of a communication system;

FIG. 2 is a schematic representation of an information frame exchangedin the communication system of FIG. 1;

FIG. 3 is a schematic representation of a frame control portion of theframe of FIG. 2;

FIG. 4 is a schematic representation of a method performed by a senderin FIG. 1;

FIG. 5 is a schematic representation of a method performed by arecipient in FIG. 1;

FIG. 6 is a schematic representation of a network protocol used in oneembodiment of the communication system;

FIG. 7 is a schematic representation of an embodiment of thecommunication system;

FIG. 8 is a schematic representation of another embodiment of thecommunication system.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Referring to FIG. 1, a communication system 10 includes a pair ofcorrespondents 12, 14 connected by a communication link 16. Eachcorrespondent 12, 14 includes a respective cryptographic unit 18, 20.

Each correspondent 12, 14 can include a processor 22, 24. Each processormay be coupled to a display and to user input devices, such as akeyboard, mouse, or other suitable devices. If the display is touchsensitive, then the display itself can be employed as the user inputdevice. A computer readable storage medium is coupled to each processor22, 24 for providing instructions to the processor 22, 24 to instructand/or configure processor 22, 24 to perform steps or algorithms relatedto the operation of each correspondent 12, 14, as further explainedbelow. The computer readable medium can include hardware and/or softwaresuch as, by way of example only, magnetic disks, magnetic tape,optically readable medium such as CD ROM's, and semi-conductor memorysuch as PCMCIA cards. In each case, the medium may take the form of aportable item such as a small disk, floppy diskette, cassette, or it maytake the form of a relatively large or immobile item such as hard diskdrive, solid state memory card, or RAM provided in a support system. Itshould be noted that the above listed example mediums can be used eitheralone or in combination.

Referring to FIG. 2, a frame used in communications between thecorrespondents 12, 14 is shown generally by the numeral 30. The frame 30includes a header 32 and data 34. The header 32 includes informationabout the source and destination of the frame 30 and is used forprocessing frames. The header 32 may contain other control informationas will be understood by those skilled in the art.

Referring to FIG. 3, the header 32 also contains frame control bits 33.The frame control bits 33 include security bits 35, 36, and 37. Securitybit 35 indicates whether encryption is on or off. Security bits 36 and37 together indicate the integrity level, such as 0, 32, 64, or 128bits. It will be recognized that providing security bits in each frameallows the security level to be modified on a frame-by-frame basisrather than on the basis of a pair of correspondents, thereforeproviding greater flexibility in organizing communications.

In order to provide security, certain minimum security levels may beused. These levels should be decided upon among all of thecorrespondents through an agreed-upon rule. This rule may be eitherstatic or dynamic.

In operation, the correspondent 12 performs the steps shown in FIG. 4 bythe numeral 100 to send information to the correspondent 14. First, thecorrespondent 12 prepares data and a header at step 102. Then it selectsthe security level at step 104. The security level is determined byconsidering the minimum security level required by the recipient, thenature of the recipient, and the kind of data being transmitted. If thesecurity level includes encryption, then the correspondent 12 encryptsthe data at step 106. If the security level includes authentication,then the correspondent 12 signs the data at step 108. Then thecorrespondent 12 includes bits indicating the security level in theframe control at step 110. The correspondent 12 then sends the frame tothe correspondent 14.

Upon receiving the frame, the correspondent 14 performs the steps shownin FIG. 5 by the numeral 120. The correspondent 14 first receives theframe at step 122. It then extracts the security bits at step 124. Ifthe security bits indicate encryption, then the correspondent 14decrypts the data at step 126. If the security bits indicateauthentication, then the correspondent 14 verifies the signature at step126. Finally, the correspondent 14 checks the security level to ensureit meets predetermined minimum requirements. If either the encryption orauthentication fails, or if the security level does not meet the minimumrequirements, then the correspondent 14 rejects the message.

It will be recognized that providing security bits and an adjustablesecurity level provides flexibility in protecting each frame of thecommunication. It is therefore possible for the sender to decided whichframes should be encrypted but not authenticated. Since authenticationtypically increases the length of a message, this provides a savings inconstrained environments when bandwidth is at a premium.

In a further embodiment, the correspondent 12 wishes to send the samemessage to multiple recipients 14 with varying minimum securityrequirements. In this case, the correspondent 12 chooses a securitylevel high enough to meet all of the requirements. The correspondent 12then proceeds as in FIG. 4 to assemble and send a message with thesecurity level. The message will be accepted by each recipient since itmeets each of their minimum requirements. It will be recognized thatthis embodiment provides greater efficiency than separately dealing witheach recipient's requirements.

In another embodiment, a different number of security bits are used. Theactual number of bits is not limited to any one value, but rather may bepredetermined for any given application. The security bits shouldindicate the algorithm parameters. They may be used to determine thelength of a key as 40 bits or 128 bits, the version of a key to be used,or any other parameters of the encryption system.

It will be recognized that in the above embodiments, a network stack maybe used to organize communications between the correspondents. Referringtherefore to FIG. 6, the a network stack of correspondent A is shown bythe numeral 130. A network stack of correspondent B is shown by thenumeral 140. The network stacks are organized into layers and havesimilar structures. The network stack 130 includes an application layer(APL) 132, a network layer (NWK) 134, a message authentication layer(MAC) 136, and a physical layer (PHY) 138. The network stack 140includes similar components with similar numbering.

The sender determines how he wants to protect payload (and where toprotect it, i.e., which layer). For the APL layer, security should betransparent; its role is limited to indicating at which level it wantsto protect data (i.e., security services: none, confidentiality, dataauthenticity, or both). The actual cryptographic processing then isdelegated to lower layers.

The recipient determines whether or not to accept protected payload,based on the received frame and locally maintained status information.The outcome of the cryptographic processing (done at the same layer asthat of the sender), including info on the apparently offered protectionlevel, is passed to the application layer, who determines whether theoffered protection level was adequate. The recipient may acknowledgeproper receipt of the frame to the original sender, based on this‘adequacy test’.

The acknowledgement (ACK), if present, is then passed back to the senderand passed up to the appropriate level (if protected message sent at APLlayer, then ACK should also arrive back at that level; similar for lowerlayers of course).

The sender A determines that it wants to protect payload m using theprotection level indicated by SEC (taking into account its own securityneeds and, possibly, those of its intended recipient(s). The payload mand desired protection level SEC is then passed to a lower layer (e.g.,the MAC layer, as in the diagram) which takes care of the actualcryptographic processing. (This message passing could include additionalstatus information that aids in the processing of the frame, such as theintended recipient(s), fragmentation info, etc. Note that the delegationof the cryptographic processing to a lower layer is only a conceptualstep if cryptographic processing takes place at the same layer at whichthe payload m originates.) Cryptographic processing involves protectingthe payload m and, possibly, associated information such as frameheaders, using the cryptographic process indicated by the desiredprotection level SEC. The key used to protect this information isderived from shared keying material maintained between the sender andthe intended recipient(s). After cryptographic processing, the protectedframe, indicated by [m]K, SEC in FIG. 6, is communicated to the intendedrecipient(s) B.

The intended recipient (s) retrieves the payload m′ from the receivedprotected frame, using the cryptographic process indicated by theobserved protection level SEC′, using a key that is derived from sharedkeying material maintained between the sender and the recipient(s) inquestion. The retrieved payload m′ and the observed protection levelSEC′ is passed to the same level at which the payload was originated bythe sender, where the adequacy of the observed protection level isdetermined. The observed protection level SEC′ is deemed sufficient, ifit meets or exceeds the expected protection level SEC₀, where theparameter SEC₀ might be a fixed pre-negotiated protection level thatdoes or does not depend on the retrieved payload m′ in question.(Defining SEC₀ in a message-dependent way would allow fine-grainedaccess control policies, but generally involves increased storage andprocessing requirements.)

The above approach works in contexts where expected and observedprotection levels can be compared, i.e., where the set of protectionlevels is a partial ordering. An example is the context where protectioninvolves a combination of encryption and/or authentication, with asordering the Cartesian product of the natural ordering for encryption(encryption OFF<Encryption ON) and the natural ordering ofauthentication (ordered according to increasing length of dataauthenticity field). Moreover, if the set of protection levels has amaximum element, then the sender can use this maximum protection levelto ensure that (unaltered) messages always pass the adequacy test.

In the above embodiments, each sender has to pre-negotiate the minimumexpected protection level SEC₀ with each intended recipient. Thus, theapproach might not be as adaptive as desirable for some applications andmay involve additional protocol overhead at every change of the SEC₀parameter. These disadvantages can be overcome by using theacknowledgement (ACK) mechanism from recipient(s) to sender as afeedback channel for passing the SEC₀ info. This is performed byincorporating in each acknowledgement message an indication as to theexpected protection level. This information can then be collated by theoriginal sender to update the minimum protection level expected by itsrecipient(s), whether or not this is message-dependent or not.

In a further embodiment, a method of synchronizing security levels isshown. Referring to FIG. 7, another embodiment of the communicationsystem is shown generally by the numeral 160. The system includes asender A 162 and recipients 168 in a group labelled G. The sender Aincludes parameters SEC_(A) 164 and SEC_(G) 166.

Sender A wants to securely communicate a message m to a group G ofdevices. The sender A has access to the two parameters, i.e.,

(1) The minimum level SEC_(A) at which it would like to protect thismessage (in general, SEC_(A) might depend on the group it sendsinformation to and the message itself, so proper notation would beSEC_(A) (m,G));

(2) The minimum protection level SEC_(G) that the group G of recipientsexpects (again, the proper notation would be SEC_(G)(m,A) if this levelwould depend on the sender and the message itself as well). Here, theminimum expectation level of a group is the maximum over all groupmembers of the minimum expectation level for each group member.

Initialization

Sender A assumes that each parameter SEC_(G) is set to the maximumprotection level (for each group G it securely communicates with).

Operational Usage

-   -   Sender A determines the minimum protection level SEC_(A) at        which it wants to protect the message m. The actual protection        level SEC applied to the message m meets both its own adequacy        test (i.e., SEC≧SEC_(A)) and the minimum expected level by the        group G (i.e., SEC≧SECG).    -   Each recipient B that is in the group G of recipients (i.e.,        BεG) indicates in its secure acknowledgement message the minimum        expected protection level (for sender A and message m) at that        particular moment of time.    -   A updates the parameter SEC_(G) such that it is consistent with        all the minimum protection levels indicated in each of the        acknowledgement messages it received back (i.e., SECG≧SECB for        all responding devices B).

Note that the procedure described above sends messages with a protectionlevel that satisfies both the needs of the sender and expectations ofrecipient(s) and is adaptable to changes herein over time.Alternatively, the sender might only take its own protection needs intoaccount, at the cost of potentially sending messages that will berejected by one or more recipients due to insufficient—since less thanexpected—protection level.

The procedure described above can be generalized towards a generalself-synchronization procedure for status information among devices inany network topology, where the feedback info on status information maybe partially processed along the feedback path from recipient(s) towardssender already, rather than at the sender itself only (in the exampleabove, this graph is a tree with root A and leaves the recipient(s) andthe synchronization involves a specific security parameter).

As seen in FIG. 8, A sends a payload secured at protection level SEC toa group of devices consisting of B1-B4. The recipients B1-B4 providefeedback to the sender A on the expected protection level (indicated inthe diagram as the integers 1, 3, 2, 5, where these integers arenumbered in order of increasing protection level). The feedback iscommunicated back to A via intermediate nodes C1 and C2, who collect therespective feedbacks of devices in their respective groups G1 and G2 andprocess this, before returning a condensed acknowledge messagerepresenting both groups to sender A. The condensed feedbacks providedby these intermediate devices provides A with the same information onthe minimum protection level that satisfies the expectations of allrecipients as would have been the case if this information would havebeen forwarded to A without intermediate processing. (Here, we assumethat the intermediate devices do not cheat in their calculations.)

Although the invention has been described with reference to certainspecific embodiments, various modifications thereof will be apparent tothose skilled in the art without departing from the spirit and scope ofthe invention as outlined in the claims appended hereto.

1. A method of communicating in a secure communication system,comprising the steps of: a) assembling as message at a sender; b)determining a security level; c) including an indication of the securitylevel in a header of the message; d) sending the message to a recipient.2. A method according to claim 1, wherein the security level is chosento be at least a minimum security level known to the sender and therecipient.
 3. A method of communicating in a secure communicationsystem, wherein each communication is divided into a plurality offrames, and each frame includes an indication of a security level,thereby allowing each frame to have a different security level to adaptto the nature of each frame.
 4. A method of providing a security levelto a sender by including information in an acknowledgement message.